The introduction of the GDPR in the European Union heralds the most significant change to Data Protection Law in the EU, and globally, in recent years.

Every organisation that collects, processes or shares Personal Data now must comply with this Regulation. This Regulation has been in force since 24th May 2016 and has been enforced from 25th May 2018.

This involves organisations understanding what Personal Data they currently hold or process and the risks associated with this data, adapting their business processes and infrastructure, implementing tools and compliance processes, and changing the way they collaborate with their suppliers.

Regulatory compliance might be seen as an administrative burden and extra cost. However, ignoring it or getting it wrong could have costly repercussions.

Organisations found to be in breach of this regulation face the following Administrative Fines:

Administrative Fines

10 million or, in the case of an undertaking, 2% of total worldwide annual turnover in the preceding financial year (whichever is greater) if you contravene the following Articles:

8. child consent

11. processing not requiring identification

25. data protection by design and by default

26. joint controllers

27. representatives of controllers not established in EU

26-30. unlawful processing

31. co-operation with supervisory authority

32. data security

33. notification of breaches to supervisory authority

34. communication of breaches to data subjects

35. DPIA (Data Protection Impact Assessment)

36. Prior Consultation

37-39. DPO

41(4). Approved codes of conduct monitoring

43. certification by approved certification bodies

20 million or, in the case of an undertaking, 4% of total worldwide annual turnover in the preceding financial year (whichever is higher) if you contravene the following Articles:

58(2). Orders, limitations on processing or the supervisions of data flows

A GDPR-compliant organisation can not only avoid significant fines and reputational damage, but will also have more robust and reliable data handling, information security, compliance and contractual relationships.

GDPR brings two important changes to the EU

The 1st is the introduction of a level playing field in which all member states have a uniform implementation by means of the GDPR.

All companies, corporations, private proprietorships and partnerships supplying goods and services within the EU, as well as from the rest of the world into the EU, are subject to the same set of requirements for how they collect, process, store, protect and transfer the Personal Data of data subjects.

The 2nd important requirement is that the Rights of Data Subjects are protected within the EU, between member states, across borders to third countries and from third countries into the EU.

Requirement:

Organisations are required by law to respect, protect and secure personal data as of May 25, 2018.